MCP.so
ログイン

Keycloak MCP Server

@sshaaf

Keycloak MCP Server について

An MCP server for Keycloak, designed to work with Keycloak for identity and access management, covering, Users, Realms, Clients, Roles, Groups, IDPs, Authentication. Searching keycloak discourse, Native builds available.

基本情報

カテゴリ

その他

ランタイム

java

トランスポート

stdio

公開者

sshaaf

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "keycloak-mcp-server": {
      "command": "docker",
      "args": [
        "run",
        "-d",
        "\\"
      ]
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is Keycloak MCP Server?

Keycloak MCP Server is a Model Context Protocol (MCP) server that provides programmatic access to Keycloak administration functionality. It enables AI assistants and development tools to interact with Keycloak through the MCP protocol.

How to use Keycloak MCP Server?

Run the server via Docker with environment variables for Keycloak URL, realm, and OIDC client ID. Users authenticate with their own JWT tokens obtained from Keycloak, then configure their MCP client (e.g., in ~/.cursor/mcp.json) with SSE transport and an Authorization header containing the token.

Key features of Keycloak MCP Server

  • User JWT token authentication
  • Comprehensive Keycloak operations (users, realms, clients, roles, groups)
  • SSE transport for HTTP-based communication
  • Production-ready OpenShift/Kubernetes deployment
  • Multi-architecture container images
  • GraalVM native image support

Use cases of Keycloak MCP Server

  • Automate user management through AI assistants
  • Configure realms and clients programmatically
  • Manage roles and groups via chat interfaces
  • Integrate Keycloak administration with dev tools

FAQ from Keycloak MCP Server

How do I authenticate with the server?

Users authenticate by obtaining a JWT token from their Keycloak instance (using the provided get-mcp-token.sh script) and passing it as a Bearer token in the Authorization header of SSE requests.

What runtime does Keycloak MCP Server require?

The server is built on Quarkus and can run as a JAR, native image, or container. Docker is the recommended deployment method, with pre-built images available on Quay.io.

How is data stored and where does it live?

Keycloak MCP Server does not store data itself—it communicates with an external Keycloak server whose URL is provided via the KC_URL environment variable. All user, realm, and client data resides in that Keycloak instance.

What transport and authentication mechanisms are supported?

The server uses SSE (Server-Sent Events) transport for MCP communication. Authentication is handled via user-specific JWT tokens issued by Keycloak.

Are there any known limitations or alternatives mentioned?

No limitations or alternative servers are discussed in the README. The server focuses on providing comprehensive Keycloak administration via MCP.

コメント

「その他」の他のコンテンツ